Test Kennung:	1.3.6.1.4.1.25623.1.0.69673
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2011:099 (libzip)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to libzip announced via advisory MDVSA-2011:099. A vulnerability has been identified and fixed in libzip: The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (application crash) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation (CVE-2011-0421). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:099 Risk factor : Medium CVSS Score: 4.3
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0421 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 46354 http://www.securityfocus.com/bid/46354 Bugtraq: 20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) (Google Search) http://www.securityfocus.com/archive/1/517065/100/0/threaded Debian Security Information: DSA-2266 (Google Search) http://www.debian.org/security/2011/dsa-2266 http://www.exploit-db.com/exploits/17004 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: SSRT100826 http://www.mandriva.com/security/advisories?name=MDVSA-2011:052 http://www.mandriva.com/security/advisories?name=MDVSA-2011:053 http://www.mandriva.com/security/advisories?name=MDVSA-2011:099 http://secunia.com/advisories/43621 http://securityreason.com/securityalert/8146 http://securityreason.com/achievement_securityalert/96 SuSE Security Announcement: SUSE-SR:2011:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://www.vupen.com/english/advisories/2011/0744 http://www.vupen.com/english/advisories/2011/0764 http://www.vupen.com/english/advisories/2011/0890 XForce ISS Database: libzip-zipnamelocate-dos(66173) https://exchange.xforce.ibmcloud.com/vulnerabilities/66173
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.